3 Introduction This paper describes how to integrate VMware Horizon View with VMware Horizon Workspace, using the Security Assertion Markup Language (SAML) 2.0 standard to establish mutual trust, which is essential for single sign-on (SSO) functionality. With SSO enabled, users who have logged in to Horizon Workspace with Active Directory (AD) credentials can launch Horizon View desktops without having to go through a second login procedure. Requirements Integration of Horizon View with Horizon Workspace requires Horizon View Client 1.6 or later with Horizon View 5.2 or later and Horizon Workspace 1.0. After Horizon Workspace and Horizon View are installed, you need to perform the following tasks: Configure Horizon Workspace with Horizon View information. Configure Horizon View to delegate responsibility for authentication to Horizon Workspace. To do this, you create a SAML 2.0 Authenticator in Horizon View to contain the trust and metadata exchange between Horizon View and Horizon Workspace. These tasks are independent of one another and can be performed in any sequence. However, after you add SAML Authenticator information in Horizon View, use VMware Horizon Connector to make sure this information is saved and synchronized. Horizon Workspace Components Horizon Workspace includes five components, which are deployed as separate virtual appliances in a vapp and described in Installing Horizon Workspace: VMware Horizon Configurator (configurator-va) VMware Horizon Manager (service-va), also known informally as Horizon Service VMware Horizon Connector (connector-va) VMware Horizon Data (data-va) VMware Horizon Gateway (gateway-va) SAML 2.0 Standard SAML is an XML-based standard used to describe and exchange authentication and authorization information between different security domains. It passes information about users between identity providers and service providers in XML documents called SAML assertions. Integrated Horizon Workspace deployments use SAML 2.0 Authenticators to provide single sign-on (SSO) functionality. TECHNICAL WHITE PAPER / 3

6 Initial Horizon View Setup View Connection Servers and View Security Servers must be configured only on the default HTTPS port (443). Non-default ports for Horizon View servers and intermediate devices, such as load balancers between Horizon Workspace and Horizon View pods, are not supported with Horizon Workspace Deploy VMware Horizon View. For instructions, see VMware Horizon View Installation. 2. Verify that the Horizon View environment is configured and that Horizon View pools are created. 3. Entitle Active Directory users and groups to the appropriate Horizon View pools. 4. Verify that all Horizon View users have address assigned in Active Directory. Horizon Workspace does not sync users who have null addresses. Initial Horizon Workspace Setup You can integrate Horizon View with Horizon Workspace through either the Horizon Configurator Web interface or the Horizon Connector Web interface. This paper, however, provides instructions only on how to perform integration from the Horizon Connector Web interface. If Horizon Workspace is not yet installed and configured, see Installing Horizon Workspace for instructions. Configuring Horizon Workspace Perform the following steps after Horizon Workspace and Horizon View are installed: 1. Point Horizon Workspace and the Horizon View pod to the same Network Time Protocol (NTP) server. For domain-joined servers, the Active Directory often acts as the NTP server. Horizon Workspace components sync with their respective hosts, which should sync with the same NTP server as the Active Directory server. 2. Verify that the Horizon View deployment, as well as each virtual appliance in the Horizon Workspace vapp, has both its own DNS entry and static IP address with reverse lookup. If reverse lookup is not properly configured, the Horizon Workspace integration with Horizon View fails. 3. Log in to the Horizon Workspace Connector Web interface at: https://<horizonconnectorfqdn>:8443/hc/admin/ TECHNICAL WHITE PAPER / 6

10 4. On the Select Groups Page, add specific Active Directory groups to sync, and click Next. Note: Select groups explicitly to make sure they get synchronized. Figure 7: Select Specific Groups 5. Click Next to perform a dry run. This step provides information about the users and groups to be added to or removed from the Horizon database. Figure 8: Directory Sync Status Displaying Users and Groups to Be Synched 6. Click the Users or Groups link to display the list of users or groups to be synchronized. 7. Click Save and Continue to synchronize the selected users and groups. TECHNICAL WHITE PAPER / 10

13 Use the following steps to configure Horizon View pools: 1. Navigate to the View Pools page, click Enable View Pools, and provide information about the Horizon View environment. Figure 11: Horizon View Pool Enablement 2. Provide the Fully Qualified Domain Name (FQDN) of the primary View Connection Server in the Connection Server field. 3. Enter an account with at least read-only administrator privileges from the View Connection Server domain in the Username field. Horizon Connector fails to bind with View LDAP if this View Administrator user account is not from the same domain as the View Connection Server. 4. The FQDN for Client Access field is the end user s entry point when a Horizon View desktop is launched. This is the same URL that you provide for a View Client. 5. Select Enable SSO to enable single sign-on to the Horizon View desktop. If this feature is disabled, users have to re-authenticate when a Horizon View desktop is launched from Horizon Workspace. 6. Click Save to enable Horizon Workspace to fetch information about all the View Connection Servers in the Horizon View pod, Horizon View SSL certificates, and the status of the SAML 2.0 Authenticator on the View Connection Servers. 7. Click the Update SSL Cert link next to each View Connection Server, and click Accept on the Certificate Information page. 8. Click Save on the View Pools page to save the updated certificates from View Connection Servers. SSL certificates are not accepted by default. You must accept a SSL certificate explicitly, by clicking Invalid/Update SSL cert. If any SSL certificate fails to get validated during the sync operation, the sync operation fails. TECHNICAL WHITE PAPER / 13

14 9. Click Sync Now to sync Horizon View pool information. This process gathers Horizon View pool information from all the View Connection Servers in the Horizon View pod and stores it in the Horizon Workspace Database. Figure 12: Window Displaying Horizon View Pool Details to Be Synched The Sync operation synchronizes the following items: Number of View Connection Servers in a pod Horizon View pool entitlements Pool display names Protocols supported Pool state Sync Now also performs a dry run and reports information about which pools are to be synchronized. 10. Click Continue on the dry sync action and complete the sync job. 11. You can schedule recurring sync operations. The frequency of the sync operation typically depends upon how often your Horizon View deployment is updated. Horizon does not synchronize information about the number of desktops in a pool, so you do not need to run a sync operation when you add or remove a desktop from a pool. Adding or removing a pool, however, does require a sync operation. 12. To check sync operation status, click Check Alerts under Last Sync Status Summary. Validate User and Group Entitlements to Horizon View Pools The Horizon View pool sync operation stores Horizon View environment details in the Horizon database. 1. To verify that sync operation has succeeded, log in to the Horizon Workspace Administrator Web interface at: https://<horizongatewayfqdn>/saas/ 2. Select Catalog > View Pools, and click a Horizon View pool. The Entitlements option displays information about group and user entitlements for that Horizon View pool. The Details tab displays the connection information, which consists of attributes retrieved from the View Connection Server instance. This completes the preliminary configuration from Horizon Workspace. TECHNICAL WHITE PAPER / 14

15 Configuring Horizon View When the preliminary procedures are complete, perform the following steps: 1. Configure the View Connection Server to delegate responsibility for authentication to Horizon Workspace. See Authentication in Horizon View for more information on Horizon View SAML 2.0 authentication settings and options. 2. After SAML is enabled and updated from the View Connection Server, verify that this information is correctly displayed on the Horizon Connector View Pools page. Click Save to get updated SAML information from View Connection Servers. Figure 13: Verify Information on View Pools Window This completes the Horizon Workspace and Horizon View integration process. TECHNICAL WHITE PAPER / 15

16 Verify Desktop Launch Capability To verify that the preceding procedures have succeeded, launch a Horizon View desktop from Horizon Workspace, using SSO: 1. Log in to Horizon Workspace as a Horizon View pool user from a Horizon View Client on any supported device. The URL is: https://<horizongatewayfqdn>/web 2. Navigate to the Computers tab. Figure 14: Horizon Workspace Computers Window 3. Click a pool icon to launch a Horizon View desktop from that pool. If your pool supports Horizon View HTML Access, you can right-click the pool icon to select a protocol. This selection is retained for the next desktop launch. Open with VMware View uses the Horizon View Client. Open with web browser uses an HTML browser to launch a desktop. If the Horizon View Client is not installed, selecting Install View Client redirects you to an appropriate download link. TECHNICAL WHITE PAPER / 16

17 Horizon View Pool Protocol Selection When you create or edit Horizon View pools from the View Administrator console, you can choose which protocol, PCoIP or RDP, to use by default when users launch Horizon View desktops. With the Open with VMware View option, Horizon View desktops launched from Horizon Workspace use whichever protocol is selected as Default display protocol. Figure 15: Display Protocol Selection The Allow users to choose protocol setting does not apply when users launch their Horizon View desktops from Horizon Workspace. TECHNICAL WHITE PAPER / 17

18 Configuring SAML 2.0 Authentication Further details about authentication procedures and options for Horizon View and Horizon Workspace are described in the following sections. Authentication in Horizon View To launch Horizon View desktops from Horizon Workspace, you need to configure SAML 2.0 Authentication in Horizon View. 1. Log in to the Horizon View Administrator Web interface with an administrative user account. 2. Select View Configuration > Servers from the navigation panel to access the SAML 2.0 settings described in the following sections. 3. On the Connection Servers tab, select a Connection Server from the list and then select Edit > Authentication. 4. Configure each Connection Server that you want to use SAML 2.0 for authentication to Horizon. Figure 16: Configuring SAML Authenticator Information TECHNICAL WHITE PAPER / 18

19 Enable a SAML 2.0 Authenticator Use the Delegation of authentication to VMware Horizon (SAML 2.0 Authenticator) drop-down menu to enable and disable the SAML 2.0 Authenticator. Figure 17: SAML 2.0 Authenticator Drop-Down Options The menu options are described in the table below: MENU OPTION DESCRIPTION Required Allowed Disabled SAML 2.0 Authentication is enabled. You can launch Horizon View desktops only from Horizon Workspace. You cannot launch Horizon View desktops from the View Client manually. You can use SSO to access the Horizon View desktop. Smart card and twofactor authentication options are disabled. SAML 2.0 Authentication is enabled. You can launch Horizon View desktops from both the View Client and Horizon Workspace. You can use SSO to access the Horizon View desktop. Smart card and twofactor authentication options are enabled and can be selected. Smart card and two-factor authentication are used only by the View Client and are ignored by the Horizon Portal. SAML 2.0 Authentication is disabled. You can launch Horizon View desktops from both the View Client and the Horizon Workspace if SAML was configured before changing it to disabled state. You cannot use SSO to access the Horizon View desktop from Horizon Workspace. Smart card and two-factor authentication options are enabled and can be selected. Table 1: SAML 2.0 Authenticator Options TECHNICAL WHITE PAPER / 19

20 Add a SAML 2.0 Authenticator There are two ways to add a new SAML 2.0 Authenticator: 1. On the SAML Authenticator drop-down menu, select Create New Authenticator. 2. Use the Manage Authenticators option, and click Add (see Manage Authenticators). Both options display the Add SAML 2.0 Authenticator window. Figure 18: Add SAML 2.0 Authenticator Window The fields are described in the table below: FIELD NAME DESCRIPTION Label This is a required field that must contain a unique name for the SAML 2.0 Authenticator you are creating. Description This is an optional field that can contain the description of the SAML 2.0 Authenticator to make the label more informative. Metadata URL Administration URL This is a required field and the URL must be HTTPS. The full URL is: https://<your HORIZON SERVER NAME>/SAAS/API/1.0/ GET/metadata/idp.xml Instead of typing in the full URL, you can select the Metadata URL field. The section <YOUR HORIZON SERVER NAME> is highlighted where you can provide the FQDN or IP address of your Horizon Gateway or the load balancer. This should point to the Horizon Connector Web interface. It is an optional field. Table 2: Add SAML 2.0 Authenticator Fields After you enter valid details, you must either accept the self-signed certificate (self-signed certificates are not recommended) or use a trusted certificate for Horizon View and Horizon Workspace. After this, the SAML 2.0 Authenticator drop-down menu displays the newly created authenticator, which is now set as the selected authenticator. TECHNICAL WHITE PAPER / 20

21 Manage Authenticators Use the Manage Authenticators options to add, edit, or remove SAML 2.0 Authenticators. Removing the last authenticator used by a View Connection Server in the Horizon View pod sets the SAML 2.0 Authenticator to Disabled. You cannot remove an authenticator if it is being used by any View Connection Server in the Horizon View pod. Select an Existing SAML 2.0 Authenticator Select a SAML 2.0 Authenticator from the SAML Authenticator drop-down menu on each View Connection Server, and click OK. Dashboard When you create a valid SAML 2.0 Authenticator, the dashboard on the View Administrator displays the authenticator s health. You can select Dashboard on the Inventory or select System Health > Other components > SAML 2.0 Authenticators. Figure 19: System Health Directory Selecting the SAML 2.0 Authenticator from the Dashboard displays a health authenticator panel. If there are no problems, the authenticator s health is green, as shown in the following window: Figure 20: Health Authenticator Window Displays Green No Problems Detected TECHNICAL WHITE PAPER / 21

22 If there are issues, the health is shown as red. In the next window, the Status field indicates that there is an untrusted certificate. When you validate and accept the certificate, the health status becomes green. Figure 21: Health Authenticator Window Displays Red Issues Detected An authenticator s health can also display red if Horizon Gateway is not available or if there is an error in the metadata URL. Authentication in Horizon Workspace SAML 2.0 enables SSO from Horizon Workspace to a Horizon View desktop without requiring re-authentication from users who have logged in using their AD credentials. If a user authenticates to Horizon Workspace without presenting AD credentials for instance, by using SecurID or Kerberos SSO is not possible, and the user must provide credentials on the Horizon View desktop. Horizon Workspace supports Horizon View desktops on desktops, laptops and ipads; however, it does not support SSO on ipads. TECHNICAL WHITE PAPER / 22

24 For Horizon View integration to work in a multidomain environment, verify the following items: Horizon Workspace and all the View Connection Servers must be joined to the same domain. Directory Server host information on the Horizon Connector Directory page must match the Active Directory server host information for the View Connection Servers. This Directory Server should also be a Global Catalog Server in your domain. Do not specify parent or sibling domain controller information. Global Catalog information on the Horizon Connector Directory page allows users from sub-domains and sibling domains to access Horizon Workspace and Horizon View desktops. Specify the Global Catalog port in the Server Port field (the default is 3268), and leave the Base DN field blank to allow searching across multiple trusted domains. Users and groups from other trusted domains must be synchronized. Figure 23: Specify Global Catalog Server and Port on the Directory Page TECHNICAL WHITE PAPER / 24

25 Troubleshooting and Tips The following information can be useful for debugging and resolving various issues: Configure all View Connection Servers, including load balancers, on the default HTTPS port (443). Create Horizon View pools as a user with administrator permissions on the root folder in the View Administrator Console. If you try to create pools without administrator permissions on the root folder, Horizon Workspace cannot recognize the SAML 2.0 Authenticator you configured in View Administrator, and you cannot sync the Horizon View pool in Horizon Workspace. You must install a View Client on the user device that launches Horizon Workspace if you want to use RDP/ PCoIP to launch Horizon View desktops. Horizon Workspace does not support View Connection Server tags or Terminal Services pools. Whenever a Horizon View pool sync operation is performed, the Horizon Connector fetches Horizon View deployment related information, including updates from the View Active Directory Application Module (ADAM), and stores it in the Horizon database. Horizon Workspace cannot make changes to Horizon View pools or the Horizon View environment. If a View administrator makes changes to Horizon View pool, a Horizon admininstrator must implement a Horizon View pool sync operation from Horizon Workspace to propagate the changes to Horizon Workspace. If a new user or group is added to Horizon View entitlements, the Horizon administrator must sync those users and groups before the Horizon View pools information can be synchronized. All View Connection Servers that are in a disabled state are removed from Horizon Workspace on the next sync operation. The sync completes successfully if there is at least one View Connection Server available in the Horizon View environment. Newly added replicated Connection Servers are registered with Horizon Workspace on the next sync. Accept Horizon View SSL certificates explicitly to validate that they have been fetched successfully. Horizon View pool synchronization fails if any of the SSL certificates fail to get validated during a sync operation. Maintain SSL trust between the Horizon Workspace and the View Connection Servers at all times. If you change an SSL certificate on the View Connection Server after integration, you must return to the Horizon Connector and re-accept the SSL certificate. If the Horizon Workspace certificate changes after the initial configuration, you must re-accept the SAML 2.0 Authenticator information from Horizon View. Horizon does not sync pools that are in maintenance mode or that have no entitlements. If a Horizon View pool has user or group entitlements, and the Horizon View pool does not sync, ensure that the user or group is synchronized (directory sync) before performing the Horizon View pool sync operation. Horizon performs sync operations from the primary View Connection Server specified under Initial Connection Server on the View Pools page on the Horizon Workspace Connector. If this server is not available, Horizon continues to perform the sync operation from the next available replicated View Connection Server. Horizon does not sync information about the number of Horizon View desktops in a pool, so addition or removal of Horizon View desktops from pools does not require a sync operation. Addition or removal of a pool, however, does require a sync operation. In Horizon Connector, the FQDN for Client Access should point to the View Connection Server where the SAML 2.0 Authenticator is set. If a load balancer is being used, the FQDN for Client Access should point to the load balancer. All View Connection Servers behind this load balancer should be configured to the same SAML 2.0 Authenticator. If SSO to Horizon View desktops is not working, verify that the SSO option is enabled on the Horizon Workspace Connector Web interface View Pools page and that you have logged into Horizon Workspace using AD credentials. TECHNICAL WHITE PAPER / 25

26 Horizon Workspace and Horizon View must sync time from the same NTP server. Differences in time can lead to rejection of SAML requests when you try to launch a Horizon View desktop. Check the Horizon vapp current time and relative drift information from: https://<configurator FQDN>/cfg/system For log file locations, see: - Horizon Connector log /opt/vmware/c2/c2instance/logs/connector.log Look at this log file if you cannot save a Horizon View configuration in Horizon Workspace. The log contains a record of each request received from the Horizon Workspace client interface, including the request URL, timestamp, and exceptions. No sync actions are recorded. - Horizon Manager (Service) log /opt/vmware/horizon/horizoninstance/logs/horizon.log Check this log for details if Horizon Workspace saves Horizon View pool information but cannot sync or store Horizon View information in the Horizon database. This log also provides information about unsuccessful Horizon View desktop launches and activity on the Horizon Manager virtual appliance, such as entitlements, users, and groups. - View Connection Server log Application Data\VMware\VDM\logs Look at this log file to check detailed error messages and for information about Horizon View desktop launch failures. For failed Horizon View desktop launches from the Horizon Portal, check the View Connection Server log. Use the debug log level for more detailed information. For user login issues, search the logs for SamlAuthFilter or ProperoAuthFilter. For other integration issues, search the log for SamlSOAP, SamlUtil, SamlIdentity, and SamlHttpUtil. Common issues include: - Clocks must be synched between View Connection Servers and Horizon Workspace vapp. Example log errors include: Assertion XXX is not valid before... Assertion XXX is no longer valid.... Too late by x milliseconds... - Horizon Workspace cannot retrieve Horizon View metadata. Ensure that Horizon Connector has accepted and saved the View Connection Server certificates. The following is an example log error: Error sending artifact resolve SOAP message to... - Horizon View cannot connect to Horizon Service. Ensure the View Administration dashboard shows a healthy SAML 2.0 Authenticator. TECHNICAL WHITE PAPER / 26

27 The following is an example log error: Error sending artifact resolve SOAP message to... - Using HTTP instead of HTTPS to log in to the Horizon Workspace end-user client. Access the Horizon Workspace end-user client from: https://<your horizon gateway>/ The following is an example log error: Source ID hash from artifact does not match hash of entityid Microsoft does not recommend the use of disjoint namespaces in the domain, and their use may prevent working with Kerberos. Horizon Workspace uses Kerberos to launch Horizon View desktops. Conclusion As is often the case, improving user experience requires some extra setup and verification. This paper provides Horizon administrators with detailed instructions for implementing single sign-on functionality so that end users can launch Horizon View desktops directly from Horizon Workspace. TECHNICAL WHITE PAPER / 27

Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox VMware Identity Manager SEPTEMBER 2015 V1 Configuring Single Sign-On from VMware Identity Manager to Dropbox Table of Contents

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx VMware Identity Manager SEPTEMBER 2015 V 2 Configuring Single Sign-On from VMware Identity Manager to WebEx Table of Contents

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to AirWatch Applications

VMware Identity Manager Connector Installation and Configuration VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until the document

VMware Identity Manager Administration VMware Identity Manager 2.6 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to ServiceNow Table of Contents

Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

VMware vcenter Log Insight Getting Started Guide vcenter Log Insight 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

Administrator Guide JustSSO is a Single Sign On (SSO) solution specially developed to integrate Google Apps suite to your Directory Service. Product developed by Just Digital v 11 Index Overview... 3 Main

CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five

Installing and Configuring vcloud Connector vcloud Connector 2.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents

VMware vcenter.ga September 25, 2013 GA Last updated: September 24, 2013 Check for additions and updates to these release notes. RELEASE NOTES What s in the Release Notes The release notes cover the following

Deploying CTERA Agent via Microsoft Active Directory and Single Sign On Cloud Attached Storage September 2015 Version 5.0 Copyright 2009-2015 CTERA Networks Ltd. All rights reserved. No part of this document

CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

Request Manager Installation and Configuration Guide vcloud Request Manager 1.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

Setup Guide Access Manager Appliance 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS

Setup Guide Access Manager 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE

Active Directory integration with CloudByte ElastiStor Prerequisite Change the time and the time zone of the Active Directory Server to the VSM time and time zone. Enabling Active Directory at VSM level

Reconfiguration of VMware vcenter Update Manager Update 1 vcenter Update Manager 4.1 This document supports the version of each product listed and supports all subsequent versions until the document is

Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication Authentication is about security and user experience and balancing the two goals. This document describes the authentication

Deploying F5 with VMware View and Horizon View Welcome to the F5 and VMware View Deployment Guide. This document contains guidance on configuring the BIG-IP system version 11 and later, including BIG-IP

Installing and Configuring VMware Workspace Portal Workspace Portal 2.1.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

How-to: Single Sign-On Document version: 1.02 nirva systems info@nirva-systems.com nirva-systems.com How-to: Single Sign-On - page 2 This document describes how to use the Single Sign-On (SSO) features

Upgrading VMware Identity Manager Connector VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

vcenter Operations Manager for Horizon Supplement vcenter Operations Manager for Horizon 1.6 This document supports the version of each product listed and supports all subsequent versions until the document

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,

AuthAnvil User Guide Version R91 English August 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from

SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release

Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment

Chapter 41 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

VMware Horizon 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this

Offline Data Transfer to VMWare vcloud Hybrid Service vcloud Connector 2.5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

Chapter 94 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.